sonic-buildimage/src/sonic-yang-models/yang-templates/sonic-acl.yang.j2
bingwang-ms f3054124ed Update check of IP_TYPE from ACL Yang model (#13810)
Why I did it
This PR is to update the check of IP_TYPE from sonic-acl.yang.
This is needed because an ACL rule that is added by loading a JSON file with acl-loader has no IP_TYPE. If such a rule exists in the ACL_RULE table, the GCU (generic config updater) refuses to update any ACL rules because the existing one is invalid.
This PR updates the yang model for ACL. If the IP_TYPE leaf doesn't exist, then we don't check the field.

How I did it
Accept the rule if IP_TYPE is absent.

How to verify it
The change is verified by UT.
2023-04-03 16:34:31 +08:00


{% if yang_model_type == "cvl" %}
/* this is sonic cvl yang model */
{% else %}
/* this is sonic py yang model */
{% endif %}
module sonic-acl {
yang-version 1.1;
namespace "http://github.com/Azure/sonic-acl";
prefix acl;
import ietf-inet-types {
prefix inet;
}
import sonic-types {
prefix stypes;
revision-date 2019-07-01;
}
import sonic-extension {
prefix ext;
revision-date 2019-07-01;
}
import sonic-port {
prefix port;
revision-date 2019-07-01;
}
import sonic-portchannel {
prefix lag;
}
import sonic-mirror-session {
prefix sms;
}
description "ACL YANG Module for SONiC OS";
revision 2019-07-01 {
description "First Revision";
}
container sonic-acl {
container ACL_RULE {
description "ACL_RULE part of config_db.json";
list ACL_RULE_LIST {
key "ACL_TABLE_NAME RULE_NAME";
/* First key component. The leafref ties every rule to an ACL_TABLE_LIST
 * entry of this module, so a rule cannot name a table that is not defined. */
leaf ACL_TABLE_NAME {
type leafref {
path "/acl:sonic-acl/acl:ACL_TABLE/acl:ACL_TABLE_LIST/acl:ACL_TABLE_NAME";
}
}
/* Second key component: free-form rule name, 1 to 255 characters. */
leaf RULE_NAME {
type string {
length 1..255;
}
}
/* Not mandatory in the schema. The allowed values are defined by
 * stypes:packet_action in sonic-types, which is outside this file. */
leaf PACKET_ACTION {
type stypes:packet_action;
}
/* A rule bound to a table whose type is 'CTRLPLANE' must carry
 * PACKET_ACTION. For every other table type this check passes, and nothing
 * visible in this list requires a rule to carry any action leaf at all. */
must "(not(../../ACL_TABLE/ACL_TABLE_LIST[ACL_TABLE_NAME=current()/ACL_TABLE_NAME]/type = 'CTRLPLANE')) or (boolean(PACKET_ACTION))";
/* Mirror actions. Each value must name an entry of MIRROR_SESSION_LIST in
 * sonic-mirror-session (leafref). Both leaves are optional. */
leaf MIRROR_INGRESS_ACTION {
type leafref {
path "/sms:sonic-mirror-session/sms:MIRROR_SESSION/sms:MIRROR_SESSION_LIST/sms:name";
}
}
leaf MIRROR_EGRESS_ACTION {
type leafref {
path "/sms:sonic-mirror-session/sms:MIRROR_SESSION/sms:MIRROR_SESSION_LIST/sms:name";
}
}
/* Optional. The ip4_prefix/ip6_prefix and icmp4/icmp6 cases of this list
 * test IP_TYPE in their when-conditions and treat a missing IP_TYPE as
 * "no restriction". Allowed values come from stypes:ip_type (sonic-types). */
leaf IP_TYPE {
type stypes:ip_type;
}
/* Required on every rule; accepted values are 0..999999. */
leaf PRIORITY {
mandatory true;
type uint32 {
range 0..999999;
}
}
/* Address match. The three cases are alternatives of one choice, so a rule
 * can carry leaves from only one of them: MAC, IPv4 prefix or IPv6 prefix. */
choice src_dst_address {
case l2_src_dst_address {
/* MAC matching is available only to rules whose table has type 'L2'. */
when "(/acl:sonic-acl/acl:ACL_TABLE/acl:ACL_TABLE_LIST[ACL_TABLE_NAME=current()/acl:ACL_TABLE_NAME]/acl:type = 'L2')";
leaf SRC_MAC {
type stypes:mac-addr-and-mask;
}
leaf DST_MAC {
type stypes:mac-addr-and-mask;
}
}
case ip4_prefix {
/* IPv4 prefixes are allowed when IP_TYPE is absent, or when it is one of
 * ANY, IP, IPV4, IPv4ANY, ARP. Absence is accepted so that rules stored
 * without IP_TYPE (for example those loaded by acl-loader) still validate.
 * With IP_TYPE absent, this model does not tie the address family to any
 * other leaf of the rule. */
when "not(IP_TYPE) or boolean(IP_TYPE[.='ANY' or .='IP' or .='IPV4' or .='IPv4ANY' or .='ARP'])";
leaf SRC_IP {
type inet:ipv4-prefix;
}
leaf DST_IP {
type inet:ipv4-prefix;
}
}
case ip6_prefix {
/* IPv6 prefixes are allowed when IP_TYPE is absent, or when it is one of
 * ANY, IP, IPV6, IPv6ANY. An IP_TYPE that is present with any other value
 * makes this case unavailable, so SRC_IPV6/DST_IPV6 are then rejected. */
when "not(IP_TYPE) or boolean(IP_TYPE[.='ANY' or .='IP' or .='IPV6' or .='IPv6ANY'])";
leaf SRC_IPV6 {
type inet:ipv6-prefix;
}
leaf DST_IPV6 {
type inet:ipv6-prefix;
}
}
}
/* Port match lists. Entries are typed uint16 here, unlike ACL_TABLE 'ports',
 * which uses leafrefs to sonic-port and sonic-portchannel names.
 * NOTE(review): confirm that numeric values are what the consumer of
 * IN_PORTS/OUT_PORTS expects. */
leaf-list IN_PORTS {
/* Values in leaf list are UNIQUE */
type uint16;
}
leaf-list OUT_PORTS {
/* Values in leaf list are UNIQUE */
type uint16;
}
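/* Layer-4 source port match. The two cases are alternatives of one choice,
 * so a rule carries either a single port or a range, never both. */
choice src_port {
    case l4_src_port {
        leaf L4_SRC_PORT {
            type uint16;
        }
    }
    case l4_src_port_range {
        leaf L4_SRC_PORT_RANGE {
            type string {
                /* "low-high", each bound a decimal port number 0..65535.
                 * The upper alternatives (65[0-4]xx, 655[0-2]x, 6553[0-5])
                 * cover the top of the 16-bit range, so ranges ending at
                 * 65535 (for example "1024-65535") validate. Five-digit
                 * values with a leading zero stay accepted for backward
                 * compatibility. The pattern checks each bound on its own:
                 * it does not verify low <= high, so a reversed range passes
                 * here and has to be handled by the consumer. */
                pattern '([0-9]{1,4}|[0-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[0-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])';
            }
        }
    }
}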
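/* Layer-4 destination port match. The two cases are alternatives of one
 * choice, so a rule carries either a single port or a range, never both. */
choice dst_port {
    case l4_dst_port {
        leaf L4_DST_PORT {
            type uint16;
        }
    }
    case l4_dst_port_range {
        leaf L4_DST_PORT_RANGE {
            type string {
                /* "low-high", each bound a decimal port number 0..65535.
                 * The upper alternatives (65[0-4]xx, 655[0-2]x, 6553[0-5])
                 * cover the top of the 16-bit range, so ranges ending at
                 * 65535 (for example "1024-65535") validate. Five-digit
                 * values with a leading zero stay accepted for backward
                 * compatibility. The pattern checks each bound on its own:
                 * it does not verify low <= high, so a reversed range passes
                 * here and has to be handled by the consumer. */
                pattern '([0-9]{1,4}|[0-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[0-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])';
            }
        }
    }
}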
/* EtherType as a string: either four hex digits 0x0600..0xFFFF (either
 * letter case) or decimal 1536..65535. Values below 0x0600 are rejected. */
leaf ETHER_TYPE {
type string {
pattern "0x0[6-9a-fA-F][0-9a-fA-F]{2}|0x[1-9a-fA-F][0-9a-fA-F]{3}|153[6-9]|15[4-9][0-9]|1[6-9][0-9][0-9]|[2-9][0-9]{3}|[1-5][0-9]{4}|6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}";
}
}
/* IP protocol number, 1..143. Protocol 0 and values above 143 cannot be
 * expressed in a rule validated by this model. */
leaf IP_PROTOCOL {
type uint8 {
range 1..143;
}
}
/* TCP flags as "0xVV" or "0xVV/0xMM": value and optional mask, one or two
 * hex digits each, with a 0x or 0X prefix. */
leaf TCP_FLAGS {
type string {
pattern '0[xX][0-9a-fA-F]{1,2}(/0[xX][0-9a-fA-F]{1,2})?';
}
}
/* NOTE(review): DSCP is a 6-bit field (0..63), but no range is set here, so
 * any uint8 up to 255 validates. Confirm that the consumer rejects
 * out-of-range values. */
leaf DSCP {
type uint8;
}
/* Unrestricted uint8; the model sets no range for TC. */
leaf TC {
type uint8;
}
/* ICMP match. The two cases are alternatives of one choice, so a rule can
 * carry either the ICMPv4 leaves or the ICMPv6 leaves, not both. */
choice icmp {
case icmp4 {
/* Available when IP_TYPE is absent or is one of ANY, IP, IPV4, IPv4ANY, ARP. */
when "not(IP_TYPE) or boolean(IP_TYPE[.='ANY' or .='IP' or .='IPV4' or .='IPv4ANY' or .='ARP'])";
/* NOTE(review): the range starts at 1, so ICMP type 0 (echo reply) cannot
 * be matched. Confirm this is intended. */
leaf ICMP_TYPE {
type uint8 {
range 1..44;
}
}
/* NOTE(review): code 0 is excluded, yet it is the code used by common
 * messages such as echo request (type 8, code 0). Confirm this is intended. */
leaf ICMP_CODE {
type uint8 {
range 1..16;
}
}
}
case icmp6 {
/* Available when IP_TYPE is absent or is one of ANY, IP, IPV6, IPv6ANY. */
when "not(IP_TYPE) or boolean(IP_TYPE[.='ANY' or .='IP' or .='IPV6' or .='IPv6ANY'])";
/* NOTE(review): ICMPv6 informational messages use types 128 and above
 * (echo request 128, echo reply 129, neighbor discovery 133-137). With the
 * range 1..44 a rule validated by this model cannot match them. Confirm
 * this is intended. */
leaf ICMPV6_TYPE {
type uint8 {
range 1..44;
}
}
/* NOTE(review): code 0 is excluded here as well. Confirm this is intended. */
leaf ICMPV6_CODE {
type uint8 {
range 1..16;
}
}
}
}
/* Inner EtherType: one of seven fixed values. The pattern is literal, so
 * the hex digits must be upper case exactly as written ("0x86dd" is rejected). */
leaf INNER_ETHER_TYPE {
type string {
pattern "(0x88CC|0x8100|0x8915|0x0806|0x0800|0x86DD|0x8847)";
}
}
/* Inner IP protocol number, 1..143 (same range as IP_PROTOCOL). */
leaf INNER_IP_PROTOCOL {
type uint8 {
range 1..143;
}
}
/* Inner layer-4 ports: single values only, no range form is defined. */
leaf INNER_L4_SRC_PORT {
type uint16;
}
leaf INNER_L4_DST_PORT {
type uint16;
}
/* VLAN ID 1..4094; 0 and 4095 are rejected. */
leaf VLAN_ID {
type uint16 {
range 1..4094;
}
}
/* PCP is available only to rules whose table has type 'L2'. The value is a
 * single digit 0-7, optionally followed by "/" and a single-digit mask 0-7. */
leaf PCP {
when "(/acl:sonic-acl/acl:ACL_TABLE/acl:ACL_TABLE_LIST[ACL_TABLE_NAME=current()/../acl:ACL_TABLE_NAME]/acl:type = 'L2')";
type string {
pattern "[0-7]|[0-7]/[0-7]";
}
}
/* DEI is available only to rules whose table has type 'L2'; value 0 or 1. */
leaf DEI {
when "(/acl:sonic-acl/acl:ACL_TABLE/acl:ACL_TABLE_LIST[ACL_TABLE_NAME=current()/../acl:ACL_TABLE_NAME]/acl:type = 'L2')";
type uint8 {
range "0..1";
}
}
}
/* end of ACL_RULE_LIST */
}
/* end of container ACL_RULE */
/* Custom ACL table types. An ACL_TABLE entry can reference one of these by
 * name through the leafref member of its 'type' union. */
container ACL_TABLE_TYPE {
list ACL_TABLE_TYPE_LIST {
key "ACL_TABLE_TYPE_NAME";
/* Unconstrained string: no length or pattern restriction.
 * NOTE(review): a custom type could therefore reuse a built-in type name
 * such as 'CTRLPLANE', which the must-expressions of this module compare
 * against literally. Confirm how the consumer resolves such a collision. */
leaf ACL_TABLE_TYPE_NAME {
type string;
}
/* At least one match field is required. Entries are plain strings; the
 * model does not check them against the match leaves of ACL_RULE_LIST. */
leaf-list matches {
type string;
min-elements 1;
}
/* Plain strings with a default of one empty entry; the model does not
 * check them against a list of known actions. */
leaf-list actions {
type string;
default "";
}
/* At least one bind point is required: PORT and/or LAG. */
leaf-list bind_points {
type enumeration {
enum PORT;
enum LAG;
}
min-elements 1;
}
}
}
container ACL_TABLE {
description "ACL_TABLE part of config_db.json";
list ACL_TABLE_LIST {
key "ACL_TABLE_NAME";
/* Table key: unconstrained string. ACL_RULE_LIST entries reference it
 * through a leafref. */
leaf ACL_TABLE_NAME {
type string;
}
/* Optional description, 1 to 255 characters. */
leaf policy_desc {
type string {
length 1..255;
}
}
/* Required. Either the name of a custom entry in ACL_TABLE_TYPE_LIST or a
 * value of stypes:acl_table_type (defined in sonic-types, outside this file). */
leaf type {
mandatory true;
type union {
type leafref {
path "/acl:sonic-acl/acl:ACL_TABLE_TYPE/acl:ACL_TABLE_TYPE_LIST/acl:ACL_TABLE_TYPE_NAME";
}
type stypes:acl_table_type;
}
}
/* Accepts the all-lower-case or all-upper-case spelling only; mixed case
 * is rejected. Defaults to "INGRESS" when the leaf is absent. */
leaf stage {
type string {
pattern "ingress|egress|INGRESS|EGRESS";
}
default "INGRESS";
}
/* Service names as plain strings; the model does not restrict the values. */
leaf-list services {
type string;
}
/* A table of type 'CTRLPLANE' must list at least one service. Tables of
 * any other type pass this check with or without services. */
must "(not(type = 'CTRLPLANE')) or (boolean(services))";
leaf-list ports {
/* union of leafref is allowed in YANG 1.1 */
/* Each entry must be an existing PORT_LIST name, an existing
 * PORTCHANNEL_LIST name, or the empty string (pattern "" matches
 * nothing else). */
type union {
type leafref {
path /port:sonic-port/port:PORT/port:PORT_LIST/port:name;
}
type leafref {
path /lag:sonic-portchannel/lag:PORTCHANNEL/lag:PORTCHANNEL_LIST/lag:name;
}
type string {
pattern "";
}
}
/* Today in SONiC, we do not delete the list once
 * created, instead we set to empty list. Due to that
 * below default values are needed.
 */
default "";
}
}
/* end of ACL_TABLE_LIST */
}
/* end of container ACL_TABLE */
}
/* end of container sonic-acl */
}
/* end of module sonic-acl */